agentar

Security checks across malware telemetry and agentic risk

Overview

This skill matches an agent backup and migration purpose, but it can import remote packages that persistently change OpenClaw state without enough package verification or implementation transparency.

Review this skill before installing. Use it only with .claw packages from sources you trust, prefer local files over URLs, inspect dry-run output and bundled skills before import, and verify exports yourself before sharing because the submitted artifacts do not include the implementation that strips credentials or performs backups.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium, 91% confidence
Finding
The skill instructs downloading a user-provided URL with curl and then proceeding with package import. That expands the skill from local package import/export into arbitrary remote retrieval, which can fetch untrusted content and create a direct path to importing attacker-controlled .claw packages. In this context, the package is later processed and installed into the agent workspace, so remote fetch materially increases risk.

Context-Inappropriate Capability

Medium, 87% confidence
Finding
The skill instructs the agent to install additional skills from ClawHub after import, which goes beyond the stated purpose of importing/exporting agentar packages. This turns the workflow into a secondary package manager path that can introduce unreviewed code or broaden trust transitively from the imported package to external dependencies.

Vague Triggers

Medium, 83% confidence
Finding
The export workflow is triggered by broad natural-language phrases like 'export my setup' and 'backup my openclaw'. Overbroad triggers can cause the skill to activate unintentionally and begin enumerating workspace contents and preparing exports of potentially sensitive agent state without sufficiently explicit user intent.

Vague Triggers

Medium, 86% confidence
Finding
The import workflow activates on ambiguous phrases such as 'install this claw' and broad installation language, which risks invoking package-loading behavior when the user may mean something else. Because import changes workspace files, installs bundled skills, and alters agent state, ambiguous triggering increases the chance of unintended modification.

Vague Triggers

Medium, 80% confidence
Finding
Rollback is bound to vague phrases like 'undo import' and 'restore my old config', which overlap with many ordinary support requests. Since rollback restores prior workspace and config state, an accidental invocation could overwrite current state and cause data loss or confusion even if safety backups exist.

VirusTotal

64/64 vendors flagged this skill as clean.
